gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2026-01-10 04:05:32 -08:00
Code Issues Packages Projects Releases Wiki Activity

engine, rules: support matching namespaces, not just rule names

Browse Source 
closes #37
This commit is contained in:
William Ballenthin
2020-06-29 05:54:56 -06:00
parent 0a5947290b
commit 3d0bd64e1b
4 changed files with 159 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
capa/engine.py
View File

@@ -221,6 +221,9 @@ def topologically_order_rules(rules):
assumes that the rule dependency graph is a DAG.
'''
# we evaluate `rules` multiple times, so if its a generator, realize it into a list.
rules = list(rules)
namespaces = capa.rules.index_rules_by_namespace(rules)
rules = {rule.name: rule for rule in rules}
seen = set([])
ret = []
@@ -229,7 +232,7 @@ def topologically_order_rules(rules):
if rule.name in seen:
return
for dep in rule.get_dependencies():
for dep in rule.get_dependencies(namespaces):
rec(rules[dep])
ret.append(rule)
@@ -267,4 +270,10 @@ def match(rules, features, va):
results[rule.name].append((va, res))
features[capa.features.MatchedRule(rule.name)].add(va)
namespace = rule.meta.get('namespace')
if namespace:
while namespace:
features[capa.features.MatchedRule(namespace)].add(va)
namespace, _, _ = namespace.rpartition('/')
return (features, results)